[GIT PULL] libnvdimm fixes for v5.0-rc4
by Williams, Dan J
Hi Linus, please pull from:
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm tags/libnvdimm-fixes-5.0-rc4
...to receive a fix for namespace label support for non-Intel NVDIMMs
that implement the ACPI standard label method. This has apparently
never worked and could wait for v5.1. However it has enough visibility
with hardware vendors [1] and distro bug trackers [2], and low enough
risk that I decided it should go in for -rc4. The other fixups target
the new, for v5.0, nvdimm security functionality. The larger init path
fixup closes a memory leak and a potential userspace lockup due to
missed notifications.
These have all soaked in -next for a week with no reported issues.
[1]: https://github.com/pmem/ndctl/issues/78
[2]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1811785
---
The following changes since commit 49a57857aeea06ca831043acbb0fa5e0f50602fd:
Linux 5.0-rc3 (2019-01-21 13:14:44 +1300)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/nvdimm/nvdimm tags/libnvdimm-fixes-5.0-rc4
for you to fetch changes up to 11189c1089da413aa4b5fd6be4c4d47c78968819:
acpi/nfit: Fix command-supported detection (2019-01-21 09:58:31 -0800)
----------------------------------------------------------------
libnvdimm v5.0-rc4
* Fix support for NVDIMMs that implement the ACPI standard label
methods.
* Fix error handling for security overwrite (memory leak / userspace
hang condition), and another one-line security cleanup
----------------------------------------------------------------
Dan Williams (3):
libnvdimm/security: Require nvdimm_security_setup_events() to succeed
acpi/nfit: Block function zero DSMs
acpi/nfit: Fix command-supported detection
Dave Jiang (1):
nfit_test: fix security state pull for nvdimm security nfit_test
drivers/acpi/nfit/core.c | 66 ++++++++++++++++++++++++++++------------
drivers/nvdimm/dimm.c | 6 ++++
drivers/nvdimm/dimm_devs.c | 22 +++++++++++---
drivers/nvdimm/nd.h | 1 +
include/linux/libnvdimm.h | 1 -
tools/testing/nvdimm/dimm_devs.c | 4 +--
6 files changed, 73 insertions(+), 27 deletions(-)
3 years, 3 months
[PATCH 1/5] libnvdimm, namespace: release labels properly on error
by Wei Yang
In init_active_labels(), it iterates on ndr_mappings to create its
corresponding labels. When there is an error, it is supposed to release
the labels it created. But the current implementation doesn't handle this
well in two respects:
* when an error happens during the ndd check, labels are not released
* only labels on the current nd_mapping are released; previous ones are lost
This patch extracts the label-releasing code to an error branch and releases
labels on all nd_mappings rather than only the current one. By going to the
error branch on error, it releases all labels allocated.
Signed-off-by: Wei Yang <richardw.yang(a)linux.intel.com>
---
drivers/nvdimm/namespace_devs.c | 19 ++++++++++++-------
1 file changed, 12 insertions(+), 7 deletions(-)
diff --git a/drivers/nvdimm/namespace_devs.c b/drivers/nvdimm/namespace_devs.c
index 9471b9ca04f5..234c0c79726a 100644
--- a/drivers/nvdimm/namespace_devs.c
+++ b/drivers/nvdimm/namespace_devs.c
@@ -2451,7 +2451,7 @@ static struct device **create_namespaces(struct nd_region *nd_region)
static int init_active_labels(struct nd_region *nd_region)
{
- int i;
+ int i, errno = -ENOMEM;
for (i = 0; i < nd_region->ndr_mappings; i++) {
struct nd_mapping *nd_mapping = &nd_region->mapping[i];
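Review bot: the new local in the declaration line is named errno, which collides with the C library identifier of the same name and reads as if a global error state were being assigned; rc or err would be clearer. It is also initialised to -ENOMEM so that the later "if (j < count) goto error;" path returns the right code without setting it, which is easy to miss. Consider assigning the value explicitly at each goto, as the -ENXIO site does.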
@@ -2476,7 +2476,8 @@ static int init_active_labels(struct nd_region *nd_region)
dev_name(&nd_mapping->nvdimm->dev),
test_bit(NDD_LOCKED, &nvdimm->flags)
? "locked" : "disabled");
- return -ENXIO;
+ errno = -ENXIO;
+ goto error;
}
nd_mapping->ndd = ndd;
atomic_inc(&nvdimm->busy);
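Review bot: the goto error added at the NDD check is taken before "nd_mapping->ndd = ndd" for this mapping, yet the unwind loop in the last hunk starts at the current i, so nd_mapping_free_labels() also runs on the mapping that just failed the check. State in the changelog that this is safe for a mapping that has not reached the label allocation, or start the unwind at the previous mapping on this path.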
@@ -2500,16 +2501,20 @@ static int init_active_labels(struct nd_region *nd_region)
mutex_unlock(&nd_mapping->lock);
}
- if (j >= count)
- continue;
+ if (j < count)
+ goto error;
+ }
+
+ return 0;
+error:
+ for (; i >= 0; i--) {
+ struct nd_mapping *nd_mapping = &nd_region->mapping[i];
mutex_lock(&nd_mapping->lock);
nd_mapping_free_labels(nd_mapping);
mutex_unlock(&nd_mapping->lock);
- return -ENOMEM;
}
-
- return 0;
+ return errno;
}
int nd_region_register_namespaces(struct nd_region *nd_region, int *err)
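Review bot: the error: loop only calls nd_mapping_free_labels(), while the context in the previous hunk shows the loop body also setting nd_mapping->ndd and doing atomic_inc(&nvdimm->busy) for each mapping it passes. If the unwind is meant to undo everything done for earlier mappings, those need to be dropped here too; if the caller takes care of them, say so in the changelog.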
--
2.19.1
3 years, 3 months
[PATCH] ndctl: make command be the same as function names for security functions
by Dave Jiang
Fix a few inconsistencies in the ndctl command name versus the function name.
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
ndctl/builtin.h | 6 +++---
ndctl/dimm.c | 18 +++++++++---------
ndctl/ndctl.c | 6 +++---
3 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/ndctl/builtin.h b/ndctl/builtin.h
index 60c3623f..681a69ff 100644
--- a/ndctl/builtin.h
+++ b/ndctl/builtin.h
@@ -32,9 +32,9 @@ int cmd_bat(int argc, const char **argv, struct ndctl_ctx *ctx);
#endif
int cmd_update_firmware(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_inject_smart(int argc, const char **argv, struct ndctl_ctx *ctx);
-int cmd_passphrase_setup(int argc, const char **argv, struct ndctl_ctx *ctx);
-int cmd_passphrase_update(int argc, const char **argv, struct ndctl_ctx *ctx);
-int cmd_passphrase_remove(int argc, const char **argv, struct ndctl_ctx *ctx);
+int cmd_setup_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
+int cmd_update_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
+int cmd_remove_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_freeze_security(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_sanitize_dimm(int argc, const char **argv, struct ndctl_ctx *ctx);
int cmd_load_keys(int argc, const char **argv, struct ndctl_ctx *ctx);
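Review bot: the renamed prototype for cmd_remove_passphrase in this hunk takes "struct ndctl_ctx *ctx", but the definition renamed in ndctl/dimm.c further down keeps "void *ctx". Since both lines are being touched for the rename, make the definition match the prototype in the same patch.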
diff --git a/ndctl/dimm.c b/ndctl/dimm.c
index d4e2090f..35e3190e 100644
--- a/ndctl/dimm.c
+++ b/ndctl/dimm.c
@@ -841,7 +841,7 @@ static int action_update(struct ndctl_dimm *dimm, struct action_context *actx)
return rc;
}
-static int action_passphrase_setup(struct ndctl_dimm *dimm,
+static int action_setup_passphrase(struct ndctl_dimm *dimm,
struct action_context *actx)
{
if (ndctl_dimm_get_security(dimm) < 0) {
@@ -857,7 +857,7 @@ static int action_passphrase_setup(struct ndctl_dimm *dimm,
param.master_pass ? ND_MASTER_KEY : ND_USER_KEY);
}
-static int action_passphrase_update(struct ndctl_dimm *dimm,
+static int action_update_passphrase(struct ndctl_dimm *dimm,
struct action_context *actx)
{
if (ndctl_dimm_get_security(dimm) < 0) {
@@ -870,7 +870,7 @@ static int action_passphrase_update(struct ndctl_dimm *dimm,
param.master_pass ? ND_MASTER_KEY : ND_USER_KEY);
}
-static int action_passphrase_remove(struct ndctl_dimm *dimm,
+static int action_remove_passphrase(struct ndctl_dimm *dimm,
struct action_context *actx)
{
if (ndctl_dimm_get_security(dimm) < 0) {
@@ -1335,9 +1335,9 @@ int cmd_update_firmware(int argc, const char **argv, struct ndctl_ctx *ctx)
return count >= 0 ? 0 : EXIT_FAILURE;
}
-int cmd_passphrase_update(int argc, const char **argv, struct ndctl_ctx *ctx)
+int cmd_update_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx)
{
- int count = dimm_action(argc, argv, ctx, action_passphrase_update,
+ int count = dimm_action(argc, argv, ctx, action_update_passphrase,
key_options,
"ndctl update-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
@@ -1346,9 +1346,9 @@ int cmd_passphrase_update(int argc, const char **argv, struct ndctl_ctx *ctx)
return count >= 0 ? 0 : EXIT_FAILURE;
}
-int cmd_passphrase_setup(int argc, const char **argv, struct ndctl_ctx *ctx)
+int cmd_setup_passphrase(int argc, const char **argv, struct ndctl_ctx *ctx)
{
- int count = dimm_action(argc, argv, ctx, action_passphrase_setup,
+ int count = dimm_action(argc, argv, ctx, action_setup_passphrase,
key_options,
"ndctl setup-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
@@ -1357,9 +1357,9 @@ int cmd_passphrase_setup(int argc, const char **argv, struct ndctl_ctx *ctx)
return count >= 0 ? 0 : EXIT_FAILURE;
}
-int cmd_passphrase_remove(int argc, const char **argv, void *ctx)
+int cmd_remove_passphrase(int argc, const char **argv, void *ctx)
{
- int count = dimm_action(argc, argv, ctx, action_passphrase_remove,
+ int count = dimm_action(argc, argv, ctx, action_remove_passphrase,
base_options,
"ndctl remove-passphrase <nmem0> [<nmem1>..<nmemN>] [<options>]");
diff --git a/ndctl/ndctl.c b/ndctl/ndctl.c
index 04bf56d6..b5c3bf88 100644
--- a/ndctl/ndctl.c
+++ b/ndctl/ndctl.c
@@ -88,9 +88,9 @@ static struct cmd_struct commands[] = {
{ "inject-smart", { cmd_inject_smart } },
{ "wait-scrub", { cmd_wait_scrub } },
{ "start-scrub", { cmd_start_scrub } },
- { "setup-passphrase", { cmd_passphrase_setup } },
- { "update-passphrase", { cmd_passphrase_update } },
- { "remove-passphrase", { cmd_passphrase_remove } },
+ { "setup-passphrase", { cmd_setup_passphrase } },
+ { "update-passphrase", { cmd_update_passphrase } },
+ { "remove-passphrase", { cmd_remove_passphrase } },
{ "freeze-security", { cmd_freeze_security } },
{ "sanitize-dimm", { cmd_sanitize_dimm } },
{ "load-keys", { cmd_load_keys } },
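Review bot: the command strings in this table are unchanged and it is the handler functions that are renamed to match them, which is the reverse of what the subject line says ("make command be the same as function names"). Reword the subject so it describes the direction of the rename.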
3 years, 3 months
[PATCH] ndctl: security documentation update
by Dave Jiang
In order to avoid terminology confusion, update the security man pages so
that when we are talking about keys, we are exclusively talking about the
key encryption key. The encrypted keys with payload will be referred to as
passphrase instead.
Signed-off-by: Dave Jiang <dave.jiang(a)intel.com>
---
Documentation/ndctl/intel-nvdimm-security.txt | 14 +++++++-------
Documentation/ndctl/ndctl-freeze-security.txt | 4 ++++
Documentation/ndctl/ndctl-remove-passphrase.txt | 10 +++++++---
Documentation/ndctl/ndctl-sanitize-dimm.txt | 6 +++++-
Documentation/ndctl/ndctl-setup-passphrase.txt | 16 ++++++++--------
Documentation/ndctl/ndctl-update-passphrase.txt | 17 ++++++++---------
6 files changed, 39 insertions(+), 28 deletions(-)
diff --git a/Documentation/ndctl/intel-nvdimm-security.txt b/Documentation/ndctl/intel-nvdimm-security.txt
index dc114df9..1b9e2434 100644
--- a/Documentation/ndctl/intel-nvdimm-security.txt
+++ b/Documentation/ndctl/intel-nvdimm-security.txt
@@ -58,10 +58,10 @@ of the nvdimm driver, it will:
3. Finally, create the unlock DSM, copy the decrypted payload into the DSM
passphrase field, and issue the DSM to unlock the DIMM.
-If the DIMM is already unlocked, the kernel will attempt to revalidate the key.
-This can be overriden with a kernel module parameter. If we fail to revalidate
-the key, the kernel will freeze the security and disallow any further security
-configuration changes.
+If the DIMM is already unlocked, the kernel will attempt to revalidate the
+passphrase. This can be overriden with a kernel module parameter. If we fail
+to revalidate the passphrase, the kernel will freeze the security and disallow
+any further security configuration changes.
SETUP USER PASSPHRASE
----------------------
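Review bot: the re-wrapped paragraph keeps the misspelling "overriden" in its second added line; since the sentence is being rewritten anyway, correct it to "overridden". Naming the kernel module parameter the sentence refers to would also make the paragraph actionable.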
@@ -126,9 +126,9 @@ will be issued first before overwrite.
SECURITY FREEZE
---------------
-This operation requires no key to succeed. ndctl will issue the DSM command
-and upon completion, the security commands besides status query will be locked
-out until the next boot.
+This operation requires no passphrase to succeed. ndctl will issue the DSM
+command and upon completion, the security commands besides status query will
+be locked out until the next boot.
MASTER PASSPHRASE SETUP, UPDATE, and CRYPTO ERASE
-----------------------------------------------------------
diff --git a/Documentation/ndctl/ndctl-freeze-security.txt b/Documentation/ndctl/ndctl-freeze-security.txt
index 43ea81eb..46ec30d2 100644
--- a/Documentation/ndctl/ndctl-freeze-security.txt
+++ b/Documentation/ndctl/ndctl-freeze-security.txt
@@ -55,6 +55,10 @@ OPTIONS
<dimm>::
include::xable-dimm-options.txt[]
+-v::
+--verbose::
+ Emit debug messages.
+
include::intel-nvdimm-security.txt[]
include::../copyright.txt[]
diff --git a/Documentation/ndctl/ndctl-remove-passphrase.txt b/Documentation/ndctl/ndctl-remove-passphrase.txt
index df83eaee..04722337 100644
--- a/Documentation/ndctl/ndctl-remove-passphrase.txt
+++ b/Documentation/ndctl/ndctl-remove-passphrase.txt
@@ -14,15 +14,19 @@ SYNOPSIS
DESCRIPTION
-----------
-Search the user key ring for the associated NVDIMM key. If not found,
-attempt to load the key blob. After disabling the passphrase successfully,
-remove the key and the key blob.
+Search the user key ring for the associated passphrase. If not found,
+attempt to load the passphrase blob. After disabling the passphrase
+successfully, remove the passphrase and the passphrase blob.
OPTIONS
-------
<dimm>::
include::xable-dimm-options.txt[]
+-v::
+--verbose::
+ Emit debug messages.
+
include::intel-nvdimm-security.txt[]
include::../copyright.txt[]
diff --git a/Documentation/ndctl/ndctl-sanitize-dimm.txt b/Documentation/ndctl/ndctl-sanitize-dimm.txt
index 06ce06c8..eb3d37c4 100644
--- a/Documentation/ndctl/ndctl-sanitize-dimm.txt
+++ b/Documentation/ndctl/ndctl-sanitize-dimm.txt
@@ -19,7 +19,7 @@ is the default method, and the other is overwrite the NVDIMM. ndctl will
search the user key ring for the associated NVDIMM. If not found,
attempt to load the key blob from the default location.
Security is disabled for the dimm after operation and ndctl will remove
-the key from the key ring and delete the associated key blob file.
+the passphrase from the key ring and delete the associated passphrase blob file.
OPTIONS
-------
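Review bot: only the last sentence of this paragraph is converted; the unchanged context lines directly above it still read "search the user key ring for the associated NVDIMM" and "attempt to load the key blob from the default location", so the paragraph now mixes "key blob" and "passphrase blob". Convert those two lines as well so the page follows the terminology the changelog sets out.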
@@ -43,6 +43,10 @@ include::xable-dimm-options.txt[]
instead of the user passphrase. This only is applicable to the
crypto-erase option.
+-v::
+--verbose::
+ Emit debug messages.
+
include::intel-nvdimm-security.txt[]
include::../copyright.txt[]
diff --git a/Documentation/ndctl/ndctl-setup-passphrase.txt b/Documentation/ndctl/ndctl-setup-passphrase.txt
index 76b55492..e9ffd7c3 100644
--- a/Documentation/ndctl/ndctl-setup-passphrase.txt
+++ b/Documentation/ndctl/ndctl-setup-passphrase.txt
@@ -18,15 +18,15 @@ DESCRIPTION
-----------
Enable the security passphrase for one or more NVDIMMs.
-Prerequisite for command to succeed:
-1. The master key has already been loaded into the user key ring.
-2. ndctl install-encrypt-key has been executed successfully.
+Prerequisite for command to succeed is that the key encryption key has already been loaded
+into the user key ring. See kernel doc on how to do this:
+https://www.kernel.org/doc/html/latest/security/keys/trusted-encrypted.html
-The encrypted key blobs will be created by ndctl in {ndctl_keysdir} directory
-with the file name of "nvdimm_<dimm unique id>_<hostname>.blob".
+The passphrase blobs will be created by ndctl in {ndctl_keysdir} directory
+with the file name of "nvdimm_<dimm-unique-id>_<hostname>.blob".
-The command will fail if the nvdimm key is already in the user key ring and/or
-the key blob already resides in {ndctl_keysdir}.
+The command will fail if the passphrase is already in the user key ring and/or
+the passphrase blob already resides in {ndctl_keysdir}.
OPTIONS
-------
@@ -47,7 +47,7 @@ include::xable-dimm-options.txt[]
-v::
--verbose::
- Emit debug messages for the namespace check process.
+ Emit debug messages.
include::intel-nvdimm-security.txt[]
diff --git a/Documentation/ndctl/ndctl-update-passphrase.txt b/Documentation/ndctl/ndctl-update-passphrase.txt
index 2a43f2bb..c09e4780 100644
--- a/Documentation/ndctl/ndctl-update-passphrase.txt
+++ b/Documentation/ndctl/ndctl-update-passphrase.txt
@@ -17,14 +17,13 @@ SYNOPSIS
DESCRIPTION
-----------
Update the security passphrase for one or more NVDIMMs.
-Prerequisite for command to succeed:
+Prerequisites for command to succeed:
1. The master key has already been loaded into the user key ring.
-2. ndctl install-encrypt-key has been executed successfully.
-3. setup-passphrase has successfully been executed previously on the NVDIMM
+2. setup-passphrase has successfully been executed previously on the NVDIMM
or NVDIMM has been successfully unlocked by the kernel.
-The updated key blobs will be created by ndctl in {ndctl_keysdir} directory
-with the file name of "nvdimm_<dimm unique id>_<hostname>.blob".
+The updated passphrase blobs will be created by ndctl in {ndctl_keysdir}
+directory with the file name of "nvdimm_<dimm-unique-id>_<hostname>.blob".
OPTIONS
-------
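Review bot: prerequisite 1 is left as "The master key has already been loaded into the user key ring", while the matching text added to ndctl-setup-passphrase.txt says "key encryption key" and links the kernel trusted/encrypted keys document. Use the same term and the same pointer in both pages, since the changelog says "key" should refer exclusively to the key encryption key.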
@@ -33,12 +32,12 @@ include::xable-dimm-options.txt[]
-k::
--key_handle=::
- The new encryption key (master) key handle, used for sealing the DIMM
+ The new master key handle, used for sealing the DIMM
encrypted keys. The format is <key type>:<key description>.
i.e. trusted:nvdimm-master
This key is expected to be loaded in the kernel's user keyring.
- This parameter is optional. If none provided, ndctl will determine
- the current key handle from the encrypted key for the NVDIMM.
+ This parameter is optional. If not provided, ndctl will determine
+ the current master key handle from the passphrase payload for the NVDIMM.
-m::
--master-passphrase::
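Review bot: in the -k description the unchanged line "encrypted keys. The format is <key type>:<key description>." still calls the sealed payload "encrypted keys", directly after the added line that switches to "master key handle"; by the changelog's rule it should read passphrase. The example is also introduced with "i.e." where "e.g." is meant.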
@@ -47,7 +46,7 @@ include::xable-dimm-options.txt[]
-v::
--verbose::
- Emit debug messages for the namespace check process.
+ Emit debug messages.
include::intel-nvdimm-security.txt[]
3 years, 3 months
Project Mail from Miss Kira
by Miss Kira
Hello dear,
My Name is Miss Kira Genzo, I am a 17 years old girl, I am writing you to let you know that I'm an Orphan, I am the only child of my parents.
I search your email address from the online e-mail Database Directory through the Internet search, I would like to communicate with you about my interest plan in relocating to your country for my safety.
I am a Chinese, and I can speak English and Chinese. My father has died of a heart attack for the past few months and I sincerely need your help now because my life is in Danger.
I want to discuss and handle a very important business with you.
I will write you more details of the business when I receive your reply.
Please reply immediately to my personal email address kige032767(a)hotmail.com
I wait for your next reply.
Reply only to my private email address: kige032767(a)hotmail.com
Thank you.
Love,
Kira.
Skype ID: live:bekee32767
_________________________________________________________________________________
DISCLAIMER: This email (including attachments) is addressed to the intended recipient only and may contain information that is privileged and confidential. If you are not the intended recipient, you must not use, retain, disclose, copy, print, disseminate or distribute any part of this email. If you have received this email in error, please delete this email (including attachments) from your system and notify the sender immediately by replying to this email. Email transmission cannot be guaranteed to be timely, secure, error or virus-free. The sender accepts no liability for any loss, error, omissions or damage arising as a result of email transmission.
3 years, 3 months
[driver-core PATCH v10 0/9] Add NUMA aware async_schedule calls
by Alexander Duyck
This patch set provides functionality that will help to improve the
locality of the async_schedule calls used to provide deferred
initialization.
This patch set originally started out focused on just the one call to
async_schedule_domain in the nvdimm tree that was being used to defer the
device_add call however after doing some digging I realized the scope of
this was much broader than I had originally planned. As such I went
through and reworked the underlying infrastructure down to replacing the
queue_work call itself with a function of my own and opted to try and
provide a NUMA aware solution that would work for a broader audience.
In addition I have added several tweaks and/or clean-ups to the front of the
patch set. Patches 1 through 3 address a number of issues that actually were
causing the existing async_schedule calls to not show the performance that
they could due to either not scaling on a per device basis, or due to issues
that could result in a potential race. For example, patch 3 addresses the
fact that we were calling async_schedule once per driver instead of once
per device, and as a result we would have still ended up with devices
being probed on a non-local node without addressing this first.
I have also updated the kernel module used to test async driver probing so
that it can expose the original issue I was attempting to address.
It will fail on a system if asynchronous work either takes longer than it
takes to load a single device and a single driver with a device already
added. It will also fail if the NUMA node that the driver is loaded on does
not match the NUMA node the device is associated with.
RFC->v1:
Dropped nvdimm patch to submit later.
It relies on code in libnvdimm development tree.
Simplified queue_work_near to just convert node into a CPU.
Split up drivers core and PM core patches.
v1->v2:
Renamed queue_work_near to queue_work_node
Added WARN_ON_ONCE if we use queue_work_node with per-cpu workqueue
v2->v3:
Added Acked-by for queue_work_node patch
Continued rename from _near to _node to be consistent with queue_work_node
Renamed async_schedule_near_domain to async_schedule_node_domain
Renamed async_schedule_near to async_schedule_node
Added kerneldoc for new async_schedule_XXX functions
Updated patch description for patch 4 to include data on potential gains
v3->v4
Added patch to consolidate use of need_parent_lock
Make asynchronous driver probing explicit about use of drvdata
v4->v5
Added patch to move async_synchronize_full to address deadlock
Added bit async_probe to act as mutex for probe/remove calls
Added back nvdimm patch as code it relies on is now in Linus's tree
Incorporated review comments on parent & device locking consolidation
Rebased on latest linux-next
v5->v6:
Drop the "This patch" or "This change" from start of patch descriptions.
Drop unnecessary parenthesis in first patch
Use same wording for "selecting a CPU" in comments added in first patch
Added kernel documentation for async_probe member of device
Fixed up comments for async_schedule calls in patch 2
Moved code related setting async driver out of device.h and into dd.c
Added Reviewed-by for several patches
v6->v7:
Fixed typo which had kernel doc refer to "lock" when I meant "unlock"
Dropped "bool X:1" to "u8 X:1" from patch description
Added async_driver to device_private structure to store driver
Dropped unnecessary code shuffle from async_probe patch
Reordered patches to move fixes up to front
Added Reviewed-by for several patches
Updated cover page and patch descriptions throughout the set
v7->v8:
Replaced async_probe value with dead, only apply dead in device_del
Dropped Reviewed-by from patch 2 due to significant changes
Added Reviewed-by for patches reviewed by Luis Chamberlain
v8->v9:
Dropped patch 1 as it was applied, shifted remaining patches by 1
Added new patch 9 that adds test framework for NUMA and sequential init
Tweaked what is now patch 1, and added Reviewed-by from Dan Williams
v9->v10:
Moved "dead" from device struct to device_private struct
Added Reviewed-by from Rafael to patch 1
Rebased on latest linux-next
---
Alexander Duyck (9):
driver core: Establish order of operations for device_add and device_del via bitflag
device core: Consolidate locking and unlocking of parent and device
driver core: Probe devices asynchronously instead of the driver
workqueue: Provide queue_work_node to queue work near a given NUMA node
async: Add support for queueing on specific NUMA node
driver core: Attach devices on CPU local to device node
PM core: Use new async_schedule_dev command
libnvdimm: Schedule device registration on node local to the device
driver core: Rewrite test_async_driver_probe to cover serialization and NUMA affinity
drivers/base/base.h | 8 +
drivers/base/bus.c | 46 +----
drivers/base/core.c | 11 +
drivers/base/dd.c | 160 +++++++++++++----
drivers/base/power/main.c | 12 +
drivers/base/test/test_async_driver_probe.c | 261 +++++++++++++++++++++------
drivers/nvdimm/bus.c | 11 +
include/linux/async.h | 82 ++++++++
include/linux/workqueue.h | 2
kernel/async.c | 53 +++--
kernel/workqueue.c | 84 +++++++++
11 files changed, 564 insertions(+), 166 deletions(-)
--
3 years, 3 months
[PATCH v10 00/12] ndctl: add security support
by Dave Jiang
The following series implements mechanisms that utilize the sysfs knobs
provided by the kernel in order to support the Intel DSM v1.8 spec
that provides security to NVDIMM. The following abilities are added:
1. display security state
2. enable/update passphrase
3. disable passphrase
4. freeze security
5. secure erase
6. overwrite
7. master passphrase enable/update
v10:
- Remove install-encrypt-key support. setup-passphrase will take a master
key handle in order to allow per NVDIMM master key. update-passphrase can
take optional master key handle. (Dan)
- Rebased to latest ndctl. (Vishal)
- Moved the key management calls to ndctl/util and stop exporting. (Dan)
v9:
- Add install-encrypt-key command. (Dan)
- Change enable-passphrase to setup-passphrase. (Dan)
- Change disable-passphrase to remove-passphrase. (Dan)
- Change ndctl_dimm_get_security() to return state directly and remove
ndctl_dimm_security_supported(). (Dan)
- Remove ND_SECURITY_UNSUPPORTED state
- change ND_SECURITY_* to NDCTL_SECURITY_*
- Fix man page issues (Dan, Jane)
- Define NDCTL_KEYSDIR in config.h (Dan)
- Break check_key_run_and_discard() to 3 helper functions. (Dan)
- Remove key path input parameter. (Dan)
- Remove master key input parameter. (Dan)
- Fixup various issues in security unit test script. (Vishal)
v8:
- Additional cleanup on test script. (Vishal)
- Change load-keys script into internal command for ndctl. (Dan)
v7:
- Added option to provide path to key directory. (Vishal)
- Cleaned up shell scripts. (Vishal)
- Cleaned up documentation. (Vishal)
- Addressed various comments from Vishal.
v6:
- Fix spelling and grammar errors for documentation. (Jing)
- Change bool for indicate master passphrase and old passphrase to enum.
- Fix key load script master key name.
- Update to match v15 of kernel patch series.
v5:
- Updated to match latest kernel interface (encrypted keys)
- Added overwrite support
- Added support for DSM v1.8 master passphrase operations
- Removed upcall related code
- Moved security state to enum (Dan)
- Change security output "security_state" to just "security". (Dan)
- Break out enable and update passphrase operation. (Dan)
- Security build can be compiled out when keyutils does not exist. (Dan)
- Move all keyutils related operations to libndctl. (Dan)
v4:
- Updated to match latest kernel interface.
- Added unit test for all security calls
v3:
- Added support to inject keys in order to update nvdimm security.
v2:
- Fixup the upcall util to match recent kernel updates for nvdimm security.
---
Dave Jiang (12):
ndctl: add support for display security state
ndctl: add passphrase update to ndctl
ndctl: add disable security support
ndctl: add support for freeze security
ndctl: add support for sanitize dimm
ndctl: add unit test for security ops (minus overwrite)
ndctl: add modprobe conf file and load-keys ndctl command
ndctl: add overwrite operation support
ndctl: add wait-overwrite support
ndctl: master phassphrase management support
ndctl: add master secure erase support
ndctl: documentation for security and key management
Documentation/ndctl/Makefile.am | 10
Documentation/ndctl/intel-nvdimm-security.txt | 141 +++++
Documentation/ndctl/ndctl-freeze-security.txt | 60 ++
Documentation/ndctl/ndctl-list.txt | 8
Documentation/ndctl/ndctl-load-keys.txt | 45 ++
Documentation/ndctl/ndctl-remove-passphrase.txt | 28 +
Documentation/ndctl/ndctl-sanitize-dimm.txt | 52 ++
Documentation/ndctl/ndctl-setup-passphrase.txt | 54 ++
Documentation/ndctl/ndctl-update-passphrase.txt | 58 ++
Documentation/ndctl/ndctl-wait-overwrite.txt | 31 +
Makefile.am | 4
configure.ac | 17 +
contrib/nvdimm-security.conf | 1
ndctl.spec.in | 3
ndctl/Makefile.am | 6
ndctl/builtin.h | 7
ndctl/dimm.c | 242 ++++++++-
ndctl/lib/Makefile.am | 4
ndctl/lib/dimm.c | 183 ++++++
ndctl/lib/libndctl.sym | 9
ndctl/libndctl.h | 28 +
ndctl/load-keys.c | 256 +++++++++
ndctl/ndctl.c | 7
ndctl/util/keys.c | 650 +++++++++++++++++++++++
ndctl/util/keys.h | 60 ++
test/Makefile.am | 4
test/security.sh | 220 ++++++++
util/json.c | 17 +
28 files changed, 2193 insertions(+), 12 deletions(-)
create mode 100644 Documentation/ndctl/intel-nvdimm-security.txt
create mode 100644 Documentation/ndctl/ndctl-freeze-security.txt
create mode 100644 Documentation/ndctl/ndctl-load-keys.txt
create mode 100644 Documentation/ndctl/ndctl-remove-passphrase.txt
create mode 100644 Documentation/ndctl/ndctl-sanitize-dimm.txt
create mode 100644 Documentation/ndctl/ndctl-setup-passphrase.txt
create mode 100644 Documentation/ndctl/ndctl-update-passphrase.txt
create mode 100644 Documentation/ndctl/ndctl-wait-overwrite.txt
create mode 100644 contrib/nvdimm-security.conf
create mode 100644 ndctl/load-keys.c
create mode 100644 ndctl/util/keys.c
create mode 100644 ndctl/util/keys.h
create mode 100755 test/security.sh
--
3 years, 3 months
[ndctl PATCH 1/2] ndctl.spec.in: remove obsolete ldconfig scriptlets
by Vishal Verma
From: Igor Gnatenko <ignatenkobrain(a)fedoraproject.org>
Pulled in via Fedora packaging.
References: https://fedoraproject.org/wiki/Changes/RemoveObsoleteScriptlets
Signed-off-by: Igor Gnatenko <ignatenkobrain(a)fedoraproject.org>
[vishal: update patch so it applies to ndctl.spec.in]
Signed-off-by: Vishal Verma <vishal.l.verma(a)intel.com>
---
ndctl.spec.in | 8 ++------
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/ndctl.spec.in b/ndctl.spec.in
index bc65a47..25d5296 100644
--- a/ndctl.spec.in
+++ b/ndctl.spec.in
@@ -101,13 +101,9 @@ find $RPM_BUILD_ROOT -name '*.la' -exec rm -f {} ';'
%check
make check
-%post -n LNAME -p /sbin/ldconfig
+%ldconfig_scriptlets -n LNAME
-%postun -n LNAME -p /sbin/ldconfig
-
-%post -n DAX_LNAME -p /sbin/ldconfig
-
-%postun -n DAX_LNAME -p /sbin/ldconfig
+%ldconfig_scriptlets -n DAX_LNAME
%define bashcompdir %(pkg-config --variable=completionsdir bash-completion)
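Review bot: both added lines rely on the %ldconfig_scriptlets macro being defined by the build host's RPM macros, and the changelog only cites the Fedora change page. If ndctl.spec.in is also used to build on other RPM distributions, say which of them provide the macro or keep a fallback for those that do not.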
--
2.20.1
3 years, 3 months
[ndctl PATCH] libndctl: fix bb iterator leak in namespaces
by Vishal Verma
From: Piotr Balcer <piotr.balcer(a)intel.com>
We were neglecting to free bb_iterator in free_namespace(), causing a
memory leak. Close the leak by adding the required deallocation.
Signed-off-by: Piotr Balcer <piotr.balcer(a)intel.com>
Signed-off-by: Vishal Verma <vishal.l.verma(a)intel.com>
---
via github:pull/80
ndctl/lib/libndctl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/ndctl/lib/libndctl.c b/ndctl/lib/libndctl.c
index 5eb915f..c9e2875 100644
--- a/ndctl/lib/libndctl.c
+++ b/ndctl/lib/libndctl.c
@@ -461,6 +461,7 @@ static void free_namespace(struct ndctl_namespace *ndns, struct list_head *head)
free(ndns->ndns_buf);
free(ndns->bdev);
free(ndns->alt_name);
+ badblocks_iter_free(&ndns->bb_iter);
kmod_module_unref(ndns->module);
free(ndns);
}
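Review bot: the added badblocks_iter_free(&ndns->bb_iter) runs for every namespace that is freed, including ones whose badblocks were never iterated. Confirm in the changelog that the call is safe on an iterator that was never set up. The changelog also calls the member bb_iterator while the code uses bb_iter.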
--
2.20.1
3 years, 3 months
[PATCH] libndctl, dimm: Don't require an xlat function
by Oliver O'Halloran
commit 62bbfce3cb62 ("libndctl, intel: Add infrastructure for
firmware_status translation") has the unfortunate side effect of making
all NDCTL commands fail with -ENOMSG unless an xlat_firmware_status
function is defined for the DIMM family. This means that none of the
DIMM label manipulation commands work anymore, unless you happen to be
using an Intel DIMM.
Cc: Vishal Verma <vishal.l.verma(a)intel.com>
Fixes: 62bbfce3cb62 ("libndctl, intel: Add infrastructure for firmware_status translation")
Signed-off-by: Oliver O'Halloran <oohall(a)gmail.com>
---
ndctl/lib/libndctl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/ndctl/lib/libndctl.c b/ndctl/lib/libndctl.c
index 06f835d76117..80d107394a74 100644
--- a/ndctl/lib/libndctl.c
+++ b/ndctl/lib/libndctl.c
@@ -2846,6 +2846,9 @@ NDCTL_EXPORT int ndctl_cmd_submit_xlat(struct ndctl_cmd *cmd)
* useful), then the xlat function is available separately as well.
*/
xlat_rc = ndctl_cmd_xlat_firmware_status(cmd);
+ if (xlat_rc == -ENOMSG)
+ return rc;
+
return (xlat_rc == 0) ? rc : xlat_rc;
}
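Review bot: the added early return treats any -ENOMSG from ndctl_cmd_xlat_firmware_status() as "no translator for this family", so a translator that itself returns -ENOMSG for a firmware status would have its result silently replaced by rc. Extend the comment above to say that -ENOMSG is reserved for the missing-xlat case, and consider folding the test into the existing return expression so there is a single exit.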
--
2.20.1
3 years, 3 months